Perspective: A Russian Military Contractor Has a Shady New Android Malware Kit

Published 25 July 2019

A contractor for the Russian military that was sanctioned for interfering in the 2016 U.S. election has developed Android malware that is being used in “highly-targeted” attacks that exfiltrate data using third-party applications. The so-called “Monokle” malware is extremely invasive. It is capable of installing the attacker’s own software certificate in a certificate store and then using it for “man-in-the-middle” attacks, intercepting data before it reaches its intended recipient.

A contractor for the Russian military that was sanctioned for interfering in the 2016 U.S. election has developed Android malware that is being used in “highly-targeted” attacks that exfiltrate data using third-party applications, according to mobile security company Lookout.

Sean Lyngaas writes in Cyberscoop that the malware allegedly developed by the contractor, St. Petersburg-based Special Technology Center (STC), is capable of installing the attacker’s own software certificate in a certificate store and then using it for “man-in-the-middle” attacks, intercepting data before it reaches its intended recipient.

The so-called “Monokle” malware is extremely invasive, according to Lookout. It can record a target device’s screen while the user is unlocking it, capturing the user’s PIN. It abuses Android’s accessibility features to harvest data from third-party apps. And it uses “predictive-text dictionaries” to figure out what a target user is interested in.